7fa333a20bef7fe4ac497c9c52777858281314f7267a30012bf068abfec53817 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 23:49

Sharing

Report Analysis Logs

General

Target

b9f9f5203174394f4ad7664320173f2c.exe
Size

12KB
MD5

b9f9f5203174394f4ad7664320173f2c
SHA1

baf4f53df2164da9deb1100966159e43c1b84dca
SHA256

7fa333a20bef7fe4ac497c9c52777858281314f7267a30012bf068abfec53817
SHA512

deb23f77062dd688fd72b0a70a644faf8b245c10c899948dd1c7fec120e4fcc42e13d7be9ad4647ea7fb077804762315e09c9a19241b128bd0ced08e7265377c
SSDEEP

96:cmckDEgpCK1mIcS53gCToSrauC/a71yQtQKQYQ:cv4Ea8CE/a7MQjQYQ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2508	1288	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2508	1288	b9f9f5203174394f4ad7664320173f2c.exe	28
PID 1288 wrote to memory of 2508	1288	b9f9f5203174394f4ad7664320173f2c.exe	28
PID 1288 wrote to memory of 2508	1288	b9f9f5203174394f4ad7664320173f2c.exe	28
PID 1288 wrote to memory of 2508	1288	b9f9f5203174394f4ad7664320173f2c.exe	28

C:\Users\Admin\AppData\Local\Temp\b9f9f5203174394f4ad7664320173f2c.exe
"C:\Users\Admin\AppData\Local\Temp\b9f9f5203174394f4ad7664320173f2c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 88
  2⤵
  - Program crash
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads